Emerald Business Systems Blog

PCI Compliance and Franchising

Posted in PCI, Restaurant by ebs4pos on December 20, 2009

There was a post recently on the SPSP Forum regarding the lack of information on franchise operations and PCI compliance. Since I have been searching for a topic to write on, I thought I would take up this topic.

The PCI DSS has only one reference to franchises and that is on page 7. The reference on page 7 is only in regards to sampling. During our first year of QSA training, we were told that PCI compliance in a franchise environment is controlled by the operational relationship between the franchiser (the organization that licenses the concept) and the franchisee (the organization that executes the retail concept). Franchisees typically maintain their own merchant accounts and have their own contracts with an acquiring bank. For PCI compliance purposes, most franchisees are independent from their franchiser and therefore, the franchisee is responsible for their PCI compliance and any document filing.

At their simplest, franchisees use “knuckle busters” and stand-alone terminals. In these instances, the franchisee can fill out and file a self-assessment questionnaire (SAQ) B. Other franchisees, such as those in the fast food industry, have purchased un-customized integrated point of sale (POS) with a network at the restaurant. These sorts of installations typically meet the requirements for SAQ C.

via PCI Compliance and Franchising « PCI Guru.

